Chrome is a piece of malicious ...
.... software anyway. Keeps wanting to get installed on your system no matter how many times you say NO.
Yahoo! today released its Axis extension for Chrome – and accidentally leaked its private security key that could allow anyone to create malicious plugins masquerading as official Yahoo! software. Australian entrepreneur Nik Cubrilovic, who last year garnered notice for identifying Facebook's tracking cookies, revealed the …
I shouldn't but I still feel sorry for the brand they destroy.
I never took their search seriously, always considered them an internet utility. I just wish the days of inventions like "my Yahoo" (which is still ages ahead), full-feature environments in instant messenger, news/video and really wasted Yahoo finance/broadband would come back.
Damage limitation should be thought of as limiting the damage of the already exposed key, not in terms of "should we stop distributing the key" (which should also happen).
It shouldn't take long to get a new private key signed by a certificate authority. They shouldn't have to do a full QA cycle on any re-released code as all they're doing is changing the signing certificate.
Is it more work and could take a few hours longer? Probably.
However, we've already REPEATEDLY seen situations where code signing keys have been used to inject malware without the popup requesting you acknowledge running unsigned code. Virus/trojan writers are likely already preparing their new code with this key as I type.
This demonstrates another example of the failure of trust chains. All the trust chain says is "CA X trusts that Company Y is who they say they are", but it's been abused to say "this code is OK to install as the chain is valid" as the OS has a key from the CA. The entire process needs to be rethought.
I am just saying that Axis, especially in certain areas, has a bad feeling associated with it.
Like, you should ask Intel and others why they directly jumped to 667 MHz, not 666, or why those super high-tech buildings in China and Hong Kong don't have a 4th floor, or why no German company will use the number "88" as a model/version.
Actually, companies like Apple and Microsoft have large word lists consisting of things like that and they are even careful with some weird DLL's filename buried 5 folders deep. Amazon is said to have consulted with sociology experts and Turkish personnel while naming "Mechanical Turk" about whether it would offend Turks or not.